Report: Russian crime ring in massive Internet data heist

A Russian crime ring has got its hands on more than a billion stolen Internet credentials, according to a New York Times report.

Citing records discovered by Hold Security, the New York Times reported on Tuesday that the stolen credentials include 1.2 billion password and username combinations and more than 500 million email addresses.

Research specialist Hold Security, which has a strong track record of uncovering data breaches, says that the stolen data was gathered from 420,000 websites. Organizations affected range from household names to small Internet sites, it said.

Last October Milwaukee-based Hold Security identified the disclosure of 153 million stolen credentials from Adobe Systems.

Citing nondisclosure agreements and a reluctance to identify companies still at risk, Hold Security would not name the victims of the hack that resulted in more than a billion stolen Internet credentials. However, a security expert not affiliated with Hold Security analyzed the data and confirmed its authenticity, at the request of the New York Times.

Hold Security has not yet responded to’s request for comment on this story.

A number of high-profile companies have fallen victim to hackers. Last year, for example, thieves stole the credit card numbers of 40 million Target customers.

Last month six people were indicted in connection to the cybercrime ring which allegedly defrauded StubHub out of $1 million. Manhattan District Attorney Cyrus Vance said that the indictments connected a global network of hackers, identity thieves and money-launderers.

On Monday restaurant chain P.F. Chang’s said that customer credit and debit card data may have been stolen from 33 of its China Bistro restaurants.

Adam Levin, chairman of Scottsdale, Arizona-based identity management specialist IDT911 told that hackers are keen to get their hands on whatever data they can.

"Every business is a target, every shred of data is a commodity,” he said, in an emailed statement. “While robust prevention will make any business a tougher target, the relative ease with which hackers seem to be gaining access, puts even greater emphasis on constant monitoring and threat assessment."

Follow James Rogers on Twitter @jamesjrogers